[libdjml]

Given the posted article is about the poor security posture of most home routers, has anyone inspected ubiquiti?

I gather they have a bug bounty which is a good start, but so do Netgear and their routers are still full of bad vulns.

[arminiusreturns]

It is worth remember that unlike those home routers, Ubiquiti's EdgeOS is based on a production major network os, Vyatta, (as is VyOs), and therefor has a lot more scrutiny and bug fixing than those other things, which are often even more complicated by the lack of foss hardware or standardized ways to do things (many routers are stuck on whatever the manufacturer put on it in the factory). I'm sure Ubiquiti's code is probably ripe for fuzzing, etc, but a well configured EdgeOS device I would put against any cisco, cumulus , extremeos, routeros, junos, pfsense, ipfire, etc device any day. The main benefit of something like Ubiquiti being asic offload that wouldn't exist if you did something like pfsense on cots x86.

The real irony of how vulnerable these devices are, is that often they are based on tech that is foss that has updates to fix those issues but has been carefully packaged up inside a blackbox the consumer doesn't get to control and therefor doesnt get those updates.

Once again, why we need a "right to root".

For national security!

[Fnoord]

Yes, nice advertisement and before I read this article I'd have agreed but the bad news is I just verified that my 2 EdgeOS products don't have NX support. Heck, one of them uses the Cavium processor mentioned in the PDFs.

[freebsd4me]

> Ubiquiti's EdgeOS is based on a production major network os, Vyatta, (as is VyOs), and therefor has a lot more scrutiny and bug fixing than those other things

Apparently you’ve not really looked at EdgeOS. https://www.theregister.co.uk/2017/03/16/ubiquiti_networking...

Vyatta was acquired by Brocade in 2012. Ubiquiti forked after that.

[arminiusreturns]

EdgeOS was really based on VyOS... which was based on Vyatta, which was still being used on major production systems even before the brocade acquisition. I have used it in prod myself. I should have said VyOs but still, the point gets across to those not looking to nitpick.